Improve auth framework with authenticator type. #5854
Conversation
Thisara-Welmilla
force-pushed
the
improve-auth-framework
branch
3 times, most recently
from
1d2acfb
to
22e9aa3
Compare
Thisara-Welmilla
force-pushed
the
improve-auth-framework
branch
3 times, most recently
from
fc0870a
to
35adc6b
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Thisara-Welmilla
force-pushed
the
improve-auth-framework
branch
5 times, most recently
from
7311b5c
to
c54c2a7
Compare
Thisara-Welmilla
force-pushed
the
improve-auth-framework
branch
from
c54c2a7
to
3b41d60
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Thisara-Welmilla
force-pushed
the
improve-auth-framework
branch
3 times, most recently
from
31bbc5c
to
5417c4a
Compare
Thisara-Welmilla
force-pushed
the
improve-auth-framework
branch
from
5417c4a
to
567d5aa
Compare
| default AuthenticatorType getAuthenticatorType() { | ||
|
|
||
| return AuthenticatorType.FLOW_HANDLER; | ||
| } | ||
|
|
There was a problem hiding this comment.
Is this needed ?
Does this authenticator get returned back in authenticator API ?
There was a problem hiding this comment.
No this authenticator get returned back in authenticator API. But as we are overriding this method in all other marker interface, though of adding for this also.
If this is unnecessary will remove this.
| @@ -713,7 +713,8 @@ protected void doAuthentication(HttpServletRequest request, HttpServletResponse | |||
| } | |||
|
|
|||
| String idpName = FrameworkConstants.LOCAL_IDP_NAME; | |||
| if (context.getExternalIdP() != null && authenticator instanceof FederatedApplicationAuthenticator) { | |||
| if (context.getExternalIdP() != null && (AuthenticatorType.FEDERATED.equals(authenticator | |||
| .getAuthenticatorType()) || AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()))) { | |||
There was a problem hiding this comment.
Don't we need to check for the user here ?
There was a problem hiding this comment.
At this point, the authentication have not happened yet, therefore, cannot check user type. Also this check is just to decide, what should be goes to diagnostic log; whether LOCAL and specific idp name based on the authenticator Type (as local authenticators does not have associated IDP).
Thisara-Welmilla
force-pushed
the
improve-auth-framework
branch
from
80458db
to
3737a6e
Compare
Thisara-Welmilla
force-pushed
the
improve-auth-framework
branch
from
3737a6e
to
a4dc9b6
Compare
Thisara-Welmilla
changed the base branch from
master
to
authentication-extension
Task issue:
With above feature, we will introduce an authentication adapter that extends the
AbstractApplicationAuthenticatorand implements theFederatedApplicationAuthenticatorclass. This adapter will support to authenticated both LOCAL and FEDERATED users and user type will be defined at runtime. The authentication flow will need to accommodate both types. To achieve this, the following improvements will introduced with this PR:getAuthenticatorType()to theApplicationAuthenticatorinterface, with UNDEFINED as the default return value.ApplicationAuthenticatorwill override thegetAuthenticatorType()method to return their specific authenticator type.instanceof FederatedApplicationAuthenticatorcheck, which ideally should be based on the authenticated user (isFedUser()) of the corresponding step. Those will be replaced withAuthenticatorType.FEDERATED.equals(authenticator.getAuthenticatorType())to support the existing behavior.(AuthenticatorType.CUSTOM.equals(authenticator.getAuthenticatorType()) && stepConfig.getAuthenticatedUser().isFederatedUser()).